Microsoft

72 CVEs tracked in the last 90 days

72 Total CVEs

9 Critical

47 High

16 Medium

0 Low

Severity Distribution

Critical 9 (12.5%)

High 47 (65.3%)

Medium 16 (22.2%)

Low 0 (0.0%)

Top Affected Products

microsoft 365 apps 17

microsoft office long term servicing channel 17

microsoft office 14

microsoft sharepoint server 9

microsoft excel 6

microsoft office online server 6

microsoft windows 10 1607 5

microsoft windows 10 1809 5

Latest CVEs

CVE ID	Severity	CVSS	Description	Date
CVE-2026-31979	high	8.8	Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and …	Mar 11, 2026
CVE-2026-31957	critical	10.0	Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to befor…	Mar 11, 2026
CVE-2025-68623	high	8.8	In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an…	Mar 11, 2026
CVE-2026-26123	medium	5.5	Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized attacker to disclose …	Mar 10, 2026
CVE-2026-26144	high	7.5	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of…	Mar 10, 2026
CVE-2026-26134	high	7.8	Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileg…	Mar 10, 2026
CVE-2026-26114	high	8.8	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to ex…	Mar 10, 2026
CVE-2026-26113	high	8.4	Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code lo…	Mar 10, 2026
CVE-2026-26112	high	7.8	Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute c…	Mar 10, 2026
CVE-2026-26110	high	8.4	Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor…	Mar 10, 2026
CVE-2026-26109	high	8.4	Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally…	Mar 10, 2026
CVE-2026-26108	high	7.8	Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code…	Mar 10, 2026
CVE-2026-26107	high	7.8	Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.	Mar 10, 2026
CVE-2026-26106	high	8.8	Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute co…	Mar 10, 2026
CVE-2026-26105	high	8.1	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Of…	Mar 10, 2026
CVE-2026-25180	medium	5.5	Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose infor…	Mar 10, 2026
CVE-2026-25169	medium	6.2	Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service local…	Mar 10, 2026
CVE-2026-25168	medium	6.2	Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny ser…	Mar 10, 2026
CVE-2026-25167	high	7.4	Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privile…	Mar 10, 2026
CVE-2026-23668	high	7.0	Concurrent execution using shared resource with improper synchronization ('race condition') in Micro…	Mar 10, 2026
CVE-2026-21536	critical	9.8	Microsoft Devices Pricing Program Remote Code Execution Vulnerability	Mar 5, 2026
CVE-2026-3224	critical	9.8	Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server…	Mar 3, 2026
CVE-2026-2628	critical	9.8	The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to a…	Mar 3, 2026
CVE-2025-58107	high	7.5	In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers …	Mar 2, 2026
CVE-2026-2636	medium	5.5	This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" we…	Feb 25, 2026